Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-46076
CRITICAL CVSS 9.8
Find Similar
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment l
RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Addition
RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.
CVE-2024-57521
CRITICAL CVSS 10.0
Find Similar
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.
CVE-2024-42913
CRITICAL CVSS 9.8
Find Similar
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method
CVE-2026-38812
CRITICAL CVSS 9.8
Find Similar
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/logi
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler.
A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/ma
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger U
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument use
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeCo
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of add_project_c
Page 1+ Next →